Bug#533285: inn2: nnrpd crashes when retrieving entire thread
Julien ÉLIE
julien at trigofacile.com
Tue Jun 16 20:13:12 UTC 2009
Hi Russ,
> This is not a correct fix. It might be worthwhile to do a sanity check
> against strlen of the field
OK, it's indeed better.
> Retrieval of extended overview fields can't be done by index; it has to
> be done by walking the extended overview fields and doing string
> comparisons against the desired header name. The interface to
> overview_getheader() is therefore wrong, since it takes only an index.
> The API needs to change so that it takes the name of the desired header
> field instead and searches the extended header fields for the correct
> field.
We currently have:
char *
overview_getheader(const struct cvector *vector, unsigned int element,
const struct vector *extra)
We then just have to add a "const char *field". But couldn't we keep
the element number? (Otherwise, we would also have to walk the
mandatory fields -- and to change "Lines" and "Bytes" to respectively
":lines" and ":bytes".)
> Once it's rewritten to do that, the above sanity check wouldn't be
> necessary, so there's probably no point in making the partial solution.
Yep.
> xstrndup() got a perfectly valid size. It's a very large size, but
> there wasn't anything invalid about it. The API takes a size_t, which
> is unsigned.
All right, it is true that the log says "failed to strndup 4294967278 bytes"
(so the signed int was cast to an unsigned int).
--
Julien ÉLIE
« Quand on sait que le pied vaut environ 33 cm et que l'alexandrin
compte 12 pieds, il est facile de calculer qu'un stade vaut
environ 42 alexandrins. » (Astérix)
More information about the inn-workers
mailing list